From patchwork Fri Aug 27 10:16:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fuad Tabba X-Patchwork-Id: 12461867 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CAB50C432BE for ; Fri, 27 Aug 2021 10:19:50 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9938460FDA for ; Fri, 27 Aug 2021 10:19:50 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 9938460FDA Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Cc:To:From:Subject:References: Mime-Version:Message-Id:In-Reply-To:Date:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner; bh=d4haTpIs9EjWje9gcRh3TYSss4JULjir3GuE8NF3prM=; b=r9n9iF8l2zp2UWEVdTTnkdlVvY oXLCmKshNTWHP5oNrNTc3xgf1l2Fde24X2tdRZDBkZqNOBzf6EF5IxJBzAyCuQZX1A7DUmVx45aNy ycyQ7xvbnWupen3QJW7NeSYLLKt76TgMJbYMWDii5N+/pWO098uHaPI89aM8RBfWn7QBLmnjJDoqu aw1YM+zmITdph6abdS5ejeOhTd+ksqbQKVlY/xMoWc66N+Ai2UdIB/MXPrpTuYinqkVlLlthMnn5E dahWlJUamN77hf2BAMqxtPwZ3IWBy8ew+VSOA9acQGsBtNlDdGbvKPnWctxWVETAvKFgHZsC5WTXh 7Jkyh2WA==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1mJYvp-00CEKh-SQ; Fri, 27 Aug 2021 10:17:54 +0000 Received: from mail-qt1-x849.google.com ([2607:f8b0:4864:20::849]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1mJYuS-00CE0R-RL for linux-arm-kernel@lists.infradead.org; Fri, 27 Aug 2021 10:16:30 +0000 Received: by mail-qt1-x849.google.com with SMTP id e3-20020ac80b030000b029028ac1c46c2aso31859qti.2 for ; Fri, 27 Aug 2021 03:16:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=7Wr1c8QdaWfV4IkzMvbq8rsuOgcUfrUVwpNW94s4KlQ=; b=jqTiY84bDwyDnYgeOBntMKkUrRKsSuLdDybsls1ckTi72mQrqU9MJHyU/YHjN3RicM ZdnuhjDg9QBmBra4754W5lwhvDbBm5+6q4dtreCVPQlcr/1npGJ/RdxdozMwZE5TVDHu p1EUx7UVsQ+e7DHonBMh4dsY5MxbNWsVuhYebKjcE227rS5y4YezB0dZ2lpPnvdYd0tI IEIcprf4+8WRH4GN0BLj1D3OY3mj4nRF+nmpLQegsaK6y0Jpq80xbPSDmYQA7HTAAwtS vBSdw4thyzmlWvQH2nzcCVNdKvdw+CBLxDOs8SBqeBvjE8M7yvIwhDakTm4Qbzhn+Z/W nmsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=7Wr1c8QdaWfV4IkzMvbq8rsuOgcUfrUVwpNW94s4KlQ=; b=GzqlURDrkxnGFpeG3fZnh3oLZ5YBDbDtxO1ejRlA2P6GXMi8OBdyXaabsZz3KzbHB3 w2nGznS5lfr60Yb3PuV8Pi6LB5qPCc5KOjteMlB04snmnUOUqoTb0qsrmy6+70NWRB0i Aox2cb/RXhliox3pY1+dxorRVIAA/MlZkk/iDzx6YlRQlu53irwRyACYHdTT0X9MT2G2 DcRpB34UzANwgXmTKXd0YsjE/4BZxDgJ0s1wKpbAMXHNx/COSqhWB+r162R3YAF6KIKy /UUAeOpSEMP8LH2RLskdI7K1+ICaw83Ccz8wFWPJPR9Mi382PDMyHQC6bSQLh2mb23K6 9lxw== X-Gm-Message-State: AOAM531XKsyaVBlMZ+pKrfKvoeWSQ/elBe3tqYBYTeTWrhPcMO/OYveW Jc6+3grN7gvOsAB5414HaGlCOYBZMA== X-Google-Smtp-Source: ABdhPJxr+OmFFSWemlsehudkURr3Vn6uvi0dUeFRBVF03SxZL/KBLtu9Ua2mp8cnp0Y5EA20Atj1oYsufg== X-Received: from tabba.c.googlers.com ([fda3:e722:ac3:10:28:9cb1:c0a8:482]) (user=tabba job=sendgmr) by 2002:a0c:aac3:: with SMTP id g3mr9077497qvb.14.1630059386604; Fri, 27 Aug 2021 03:16:26 -0700 (PDT) Date: Fri, 27 Aug 2021 11:16:08 +0100 In-Reply-To: <20210827101609.2808181-1-tabba@google.com> Message-Id: <20210827101609.2808181-8-tabba@google.com> Mime-Version: 1.0 References: <20210827101609.2808181-1-tabba@google.com> X-Mailer: git-send-email 2.33.0.259.gc128427fd7-goog Subject: [PATCH v5 7/8] KVM: arm64: Trap access to pVM restricted features From: Fuad Tabba To: kvmarm@lists.cs.columbia.edu Cc: maz@kernel.org, will@kernel.org, james.morse@arm.com, alexandru.elisei@arm.com, suzuki.poulose@arm.com, mark.rutland@arm.com, christoffer.dall@arm.com, pbonzini@redhat.com, drjones@redhat.com, oupton@google.com, qperret@google.com, kvm@vger.kernel.org, linux-arm-kernel@lists.infradead.org, kernel-team@android.com, tabba@google.com X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20210827_031628_937479_E7072CCA X-CRM114-Status: GOOD ( 10.77 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org Trap accesses to restricted features for VMs running in protected mode. Access to feature registers are emulated, and only supported features are exposed to protected VMs. Accesses to restricted registers as well as restricted instructions are trapped, and an undefined exception is injected into the protected guests, i.e., with EC = 0x0 (unknown reason). This EC is the one used, according to the Arm Architecture Reference Manual, for unallocated or undefined system registers or instructions. Only affects the functionality of protected VMs. Otherwise, should not affect non-protected VMs when KVM is running in protected mode. Signed-off-by: Fuad Tabba --- arch/arm64/kvm/hyp/nvhe/switch.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/arch/arm64/kvm/hyp/nvhe/switch.c b/arch/arm64/kvm/hyp/nvhe/switch.c index 41f05bf88f61..fe0c3833ec66 100644 --- a/arch/arm64/kvm/hyp/nvhe/switch.c +++ b/arch/arm64/kvm/hyp/nvhe/switch.c @@ -171,8 +171,23 @@ static const exit_handler_fn hyp_exit_handlers[] = { [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, }; +static const exit_handler_fn pvm_exit_handlers[] = { + [0 ... ESR_ELx_EC_MAX] = NULL, + [ESR_ELx_EC_CP15_32] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_CP15_64] = kvm_hyp_handle_cp15, + [ESR_ELx_EC_SYS64] = kvm_handle_pvm_sys64, + [ESR_ELx_EC_SVE] = kvm_handle_pvm_restricted, + [ESR_ELx_EC_FP_ASIMD] = kvm_handle_pvm_fpsimd, + [ESR_ELx_EC_IABT_LOW] = kvm_hyp_handle_iabt_low, + [ESR_ELx_EC_DABT_LOW] = kvm_hyp_handle_dabt_low, + [ESR_ELx_EC_PAC] = kvm_hyp_handle_ptrauth, +}; + const exit_handler_fn *kvm_get_exit_handler_array(struct kvm *kvm) { + if (unlikely(kvm_vm_is_protected(kvm))) + return pvm_exit_handlers; + return hyp_exit_handlers; }